Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Fri, Oct 11, 2019 at 01:46:16PM +0200, Philip Homburg wrote: > Maybe there is another question this working group can answer: > Does this working group recommend wifi deployments as NAT64? (of course > only NAT64, not paired with dual stack on another SSID) > - Is it recommended for a coffee shop or restaurant > - Is it recommended for an office lan, > - for a home situation > - for just a random conference? Given that doing dual-stack anywhere is "dual work", my recommendation for anything that needs proper monitoring would be "go single-stack if all possible". Which nowadays for "random visitor networks" can mean "NAT64+DNS64", given that this already nicely works in mobile networks and more and more "mobile internet usage" stuff is "iOS/Android clients or all-https" anyway. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
>> The difference is that FOSDEM promotes the NAT64 SSID as the main one and >> the dual stack SSID as the fallback. > >Yes. Which is exactly what we ask for . Just switch the default >and see what happens. > >https://blogs.cisco.com/developer/fosdem-2019-a-new-view-from-the-noc Maybe there is another question this working group can answer: Does this working group recommend wifi deployments as NAT64? (of course only NAT64, not paired with dual stack on another SSID) - Is it recommended for a coffee shop or restaurant - Is it recommended for an office lan, - for a home situation - for just a random conference? The cisco report on FOSDEM 2019 has an interesting statistic: "There were more clients on the IPv6 native network then on the IPv4 network, "with on Sunday afternoon ~3330 IPv4 DHCP clients against ~4300 reachable "IPv6-only clients and ~1300 IPv6 clients on the dual stack network. That suggests that 3330 'clients' picked the non-default dual stack network compared to 4300 'clients' that used the default SSID.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Philip Homburg (pch-rip...@u-1.phicoh.com) [191011 09:31]: > >> Troopers runs their main conference wifi with NAT64. If I'm not > >> mistaken, so does FOSDEM. > > > >True. > >FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014. > > FOSDEM is similar to the RIPE meeting in that they have both a dual stack > SSID and a NAT64 SSID. > > The difference is that FOSDEM promotes the NAT64 SSID as the main one and > the dual stack SSID as the fallback. Yes. Which is exactly what we ask for . Just switch the default and see what happens. https://blogs.cisco.com/developer/fosdem-2019-a-new-view-from-the-noc Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
*knock knock* is this mic on ? Once upon a time during the FOSDEM post-conference gathering with organizers I challenged the notion that the dual stack was the state of the art. The organizers, being themselves in various tech roles, agreed. It was interesting to get to those days bleeding edge. Of course with NAT64. Thus FOSDEM became the very first large-ish (above 5K clients) WiFi setups in the world to go with IPv6-only+NAT64 in the default SSID. The announcement was made during the opening session, which everyone attended. We maybe had 20% clients remaining on the default “bleeding edge”. Which is a testament to the immense power of human laziness aka the law of the default: it was several hundred times more compared to the previous year when they SSID was “on the side”. Mind you, this was the time when Android still wasn’t able to connect to IPv6 only on WiFi, and when iOS was flapping WiFi every minute, if connected to v6-only access. That time is long gone - every subsequent year the %% participation on the default IPv6-only access SSID nearly doubled. Were there complaints ? In single digits, sure. (And about complaints in general: no temperature in the room can help avoid having complaints about it being too cold or too hot. Some of those complaints came from dual stack SSID and general confusion that happened first year) - if there is anyone from rest of the FOSDEM network crew of those years reading this, please correct me if I am missing anything. But the overall feedback from the participants was overwhelmingly positive. And there was a lot of bug reports, questions, etc. directed at makers and vendors that didn’t support IPv6. Since then it’s business as usual and no one is even asking. So, IPv6-only access with NAT64 was a good thing to do for a technology-focused gathering of people. For an unrelated business-focused gathering that would not have been a useful idea. RIPE and IETF (and the vendor conferences for that matter) - being the mix of the two, are tricky to decide. To me it all depends on an answer to a simple question: “do we want to lead the trends or do we want to follow them, and which ones ?” NB: both are valid business strategies. What you care about with an IPv6 only access network at a short event is not necessarily just testing the apps. You care about the lasting memory and perception of that event that will be projected outward. It stopped being purely technical several years ago. I hear “but there are non-technical people who just wanna get their job done”. Ironically from my experience they are the least ones to have problems, because they don’t use fancy outdated VPNs. And even if they do - they are empathetic enough to understand the modern 20-year technology still has kinks to iron, and smart enough to switch over to “-fallback” SSID or similar. Would you not be in their position ? If no, I am sorry for you. If yes - why would you think of them as lesser capable humans? I hear “but if people experience problems with IPv6, it gives it a bad rap”. To which I reply - the opposite of love is not hate, its irrelevance and indifference. Make it the best possible experience and let the glitches drive the improvement. This is the same way everywhere - business, relationships, knowledge. I hear “but dualstack works fine”. Sure, but for a 4-day long event so does, from a layman’s practical standpoint, pure IPv4-only. Those in dire need of 128-bit address can use their corp VPN or - if they don’t have it - Cloudflare’s Warp+. The latter works beautifully over any legacy - and accelerates the web experience too! [shoutout to Mahtin. Thank you so much!] When I look at today’s application architectures and latest trends, I see a lot of parallels between today’s IPv4 Internet and PSTN from 30 years ago. It’s fascinating to imagine how it all looks in 30 years from now, in another perspective, when it inevitably changes again. Provided that whole climate thing still allows us to hang around :-) Thanks for listening if you made it till here. Sometimes I wish I could make a sequel to my now probably biggest career contribution (“NATs are good” video), but ironically that startup is no more, they got bought, and it’s all now a serious business, no kidding. —a > On 11 Oct 2019, at 09:30, Philip Homburg wrote: > > In your letter dated Thu, 10 Oct 2019 23:56:12 +0200 you wrote: >> * Gert Doering (g...@space.net) [191009 19:57]: >>> Troopers runs their main conference wifi with NAT64. If I'm not >>> mistaken, so does FOSDEM. >> >> True. >> FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014. > > FOSDEM is similar to the RIPE meeting in that they have both a dual stack > SSID and a NAT64 SSID. > > The difference is that FOSDEM promotes the NAT64 SSID as the main one and > the dual stack SSID as the fallback. > > >
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
In your letter dated Thu, 10 Oct 2019 23:56:12 +0200 you wrote: >* Gert Doering (g...@space.net) [191009 19:57]: >> Troopers runs their main conference wifi with NAT64. If I'm not >> mistaken, so does FOSDEM. > >True. >FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014. FOSDEM is similar to the RIPE meeting in that they have both a dual stack SSID and a NAT64 SSID. The difference is that FOSDEM promotes the NAT64 SSID as the main one and the dual stack SSID as the fallback.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Gert Doering (g...@space.net) [191009 19:57]: > Troopers runs their main conference wifi with NAT64. If I'm not > mistaken, so does FOSDEM. True. FOSDEM was Dualstack till 2013 and then switched to IPv6-only in 2014. Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Thu, Oct 10, 2019 at 6:35 PM Carlos Friaças wrote: > > ...writing this email from IPv6-only WiFi... > > Just out of plain curiosity: home environment, corporate environment, or > something else (i.e. 3rd party-managed, like an airport, coffee-shop)? Corporate. -- SY, Jen Linkova aka Furry
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Thu, Oct 10, 2019 at 09:53:29AM +0200, Thomas Schäfer wrote: > By the way: *single* SSID, > > What is the reason to provide > "ripemtg" and "ripemtg-2.4-79"? Somewhat wrong forum :-) - I think the issue was "band steering and funky wifi drivers", and people could move their 2.4GHz-only-devices to this SSID if they had problems in the dual-frequency SSID. Not sure if this is still a thing. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
By the way: *single* SSID, What is the reason to provide "ripemtg" and "ripemtg-2.4-79"? Outside of Ripemeetings I don't see different IDs for the different wifi frequencies. e.g. the eduroam in Munich, with daily 5 Users in peak, works fine without two separate SSIDs
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Thu, 10 Oct 2019, Jen Linkova wrote: (...) ...writing this email from IPv6-only WiFi... Just out of plain curiosity: home environment, corporate environment, or something else (i.e. 3rd party-managed, like an airport, coffee-shop)? Cheers, Carlos
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Thu, Oct 10, 2019 at 12:06 PM Job Snijders wrote: > So... one of the ideas to be explored is that there is a only a > *single* SSID, but through WPA-802.1X let the username decide what > 'profile' you want. [skip] > There ALREADY is an IPv6-only+NAT64 Wifi SSID. Use it if you want to. If > there aren't enough users on it, go back to the drawing board and > explore why that is. We do know why. The profile approach you suggested would work just *slightly* better than two SSIDs. Users do not care. They connect to the SSID their device remembered and if there are multiple 'known' SSIDs nobody would pay attention to which SSID their device is connected to. Imagine a WiFi network with a few thousands of users. Step 1. Opt-in. You ask them to 'try IPv6-only' SSID - you must be *very* lucky if you get more than 3-5% of users moving. Not because smth does not work for them but because they are lazy. Some of those who moved will be going back and forth between SSIDs w/o even knowing it - here the 802.1x profile might help. Step 2: Opt-out. You make the 'primary' SSID Ipv6-only and advise those who are seeing issues to use another SSID. In that case I'd expect to see between 70-85% of users stay on Ipv6-only (the number does depend on mobile/laptop ratio on the network). For exactly the same reason only 5% moves if you do opt-in: users are lazy and do not care which SSID they connect to if it works. ...writing this email from IPv6-only WiFi... > I maintain, let's first move this mailing list to an IPv6 only > environment, if that is a success, perhaps we can reconsider. I might be missing smth here: what does SMTP over IPv6 to do with the ability of running an IPv6-only meeting WiFi network? >If the > argument is "but then the rest of the world can't talk to us"... > exactly. Oh then please clarify what exactly do you mean by 'moving the mailing list to Ipv6-only environment'. Running the mail server in an IPv6-only DC which has SIIT? *That* would work. Removing all Ipv4 MXes/A? No it would not and the proper analogy would be 'making the RIPE WiFi Ipv6-only w/o providing NAT64'. -- SY, Jen Linkova aka Furry
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Let me first start with an alternative suggestion, and then delve into Sander's message itself. At IETF meetings there are numerous experiments going on at any given time too. Popping up an SSID for each experiment is not ideal, ever changing SSID names, or having too many SSIDs is not productive. So... one of the ideas to be explored is that there is a only a *single* SSID, but through WPA-802.1X let the username decide what 'profile' you want. It could be set up in such a way that depending on whether folks type in username "ipv4" or "dual" or "ipv6", they get an IPv4-only, Dualstack, or IPv6-only experience. If this approach is considered all flavors of wifi are equal, perhaps pacifying all factions attending RIPE. Ok, back to bickering: On Wed, Oct 09, 2019 at 05:06:09PM +0200, Sander Steffann wrote: > I am sure the few of us who run local DNSSEC validation would love the > opportunity to make it work. Finding IPv4 literals and fixing them is > a feature :) "DNSSEC to the host" might be the path forward as an alternative method to accomplish some of the desirable properties of DoH. If your goal is to find IPv4 literals, go ahead, find them. Perhaps other people have other priorities during the meeting and would like to focus on those instead. Perhaps, when I find an IPv4 literal, I can't fix it because it is outside my administrative domain. Then what? > > The 464XLAT component is complicated did cause signficant > > operational problems in the past. > > > > The net result is that with dual stack and NAT64 we now have two > > options of providing IPv6+IPv4 on a network. This is confusing to > > everybody who is not a network engineer. > > This _is_ a RIPE meeting... Thank you for the clarification, so we agree it is not the "IPv6 Only Meeting". > > Does dual stack require more IPv4 addresses? No, there are (of > > course multiple) ways to provide dual stack on wifi without > > consuming additional public IPv4 addresses. Plenty of ISPs provide > > consumers with dual stack wifi at home while maintaining an > > IPv6-only access network. > > There is also more and more live deployment of IPv6-only with NAT64. I > am honestly surprised by the back pressure in the RIPE community. If > production networks can deploy this for millions of users, why should > a small conference network with a huge number of network engineers be > any problem? For instance, it interferes with having a proper debugging experience on what happens when RPKI Invalids are dropped for both address families. I personally think that routing security in general is more important than this ipv6 project. DNS folks might also have their own agenda. RIPE is more than IPv6. There ALREADY is an IPv6-only+NAT64 Wifi SSID. Use it if you want to. If there aren't enough users on it, go back to the drawing board and explore why that is. I maintain, let's first move this mailing list to an IPv6 only environment, if that is a success, perhaps we can reconsider. If the argument is "but then the rest of the world can't talk to us"... exactly. Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Wed, Oct 09, 2019 at 06:26:18PM +0200, Philip Homburg wrote: > >I would expect such devices mostly in a home network (gaming consoles > >etc). On a business meeting network like RIPE the number of IPv4-only > >devices is negligible. > > I'm confused how it can be a good thing to use a different way to connect > to a RIPE meeting network then the one you would use at the office or at > home. Having "different network types" is, in itself, not a useful thing. But it's reality - you'll end up being in any sort of network when travelling. So exposing *network people* to the possible breakages of "oh, if I have no native IPv4 on wifi anymore, my multi-million VPN solution stops working" is a useful information. And much more useful than having your CEO call you at 3am from a wifi network in China with "I HAVE ONLY IPV6 HERE AND VPN IS NOT WORKING! GO FIX! NOW!". IPv6 does break things. They all need fixing. To *know* what is broken in the gazillion of different combinations of operating systems, vendors, applications needs exposure. Leaving comfort zone. [..] > I'm very happy with dual stack. It is a technology that just works and > doesn't need fixes on the host. Network configuration on hosts is > complicated enough. We don't need more options. Dual-stack is a pile of shit. It requires dual the amount of monitoring to *ensure* both protocols are both working correctly, dual the amount of firewall rules, etc. Worse, things like HE hide breakage in one protocol, so you "assume" you have a working dual-stack network, "because nobody is complaining"... Core networks need to run dual-stack for a long time to go, and it is a pain in the behind. Dual monitoring, dual routing protocols, dual filtering, ... (unless you do tricks with "two AFIs over one session", but peers usually do not support that). Inside edge networks, single-stack is the only thing that really makes sense - either hide in an IPv4 island behind a dual-stack application gateway, or go IPv6-only with DNS64/NAT64 (and possibly 464xlat) or with an dual-stack ALG to reach those IPv4-only services out there. [..] > > I am honestly surprised by the back pressure in the RIPE community. > > If production networks can deploy this for millions of users, why > > should a small conference network with a huge number of network > > engineers be any problem? > > There is quite a lot of NAT64 in mobile networks. As far as I know there > is very little NAT64 on wifi. But I might be wrong. Any pointers to > wide scale NAT64 on wifi? Troopers runs their main conference wifi with NAT64. If I'm not mistaken, so does FOSDEM. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Sander Steffann writes: > I would expect such devices mostly in a home network (gaming consoles > etc). On a business meeting network like RIPE the number of IPv4-only > devices is negligible. I guess there will be quite a few devices were people disable IPv6. >> We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation. > > I am sure the few of us who run local DNSSEC validation would love the > opportunity to make it work. Finding IPv4 literals and fixing them is a > feature :) And finding hosts in DNSSEC signed zones not supporting IPv6. I know at least one. Jens -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
>I would expect such devices mostly in a home network (gaming consoles >etc). On a business meeting network like RIPE the number of IPv4-only >devices is negligible. I'm confused how it can be a good thing to use a different way to connect to a RIPE meeting network then the one you would use at the office or at home. >I am sure the few of us who run local DNSSEC validation would love the >opportunity to make it work. Finding IPv4 literals and fixing them is a >feature :) There is an experimental NAT64 network. That should be enough for people who love to fix something. I'm very happy with dual stack. It is a technology that just works and doesn't need fixes on the host. Network configuration on hosts is complicated enough. We don't need more options. >> The net result is that with dual stack and NAT64 we now have two >options of >> providing IPv6+IPv4 on a network. This is confusing to everybody who >is not >> a network engineer. > >This _is_ a RIPE meeting... I assumed that the point of testing this at a RIPE meeting is to deploy it in other locations. In those locations, most people are not network engineers but still have to deal with the fact that suddenly some devices/software don't work on some wifi networks. And they have no clue why not, other than that it has something to do with IPv6. > I am honestly surprised by the back pressure in the RIPE community. > If production networks can deploy this for millions of users, why > should a small conference network with a huge number of network > engineers be any problem? There is quite a lot of NAT64 in mobile networks. As far as I know there is very little NAT64 on wifi. But I might be wrong. Any pointers to wide scale NAT64 on wifi?
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, > Geert Jan de Groot wrote on 08/10/2019 12:56: >> In the Netherlands, there is no mobile operator providing IPv6 connectivity. >> None! > > That is technically _not_ true any-more. > > KPN *very recently* - 9/30/2019 - published information they are going to > begin enabling v6 for mobile customers.[0][1][2][3] Eagerly awaiting IPv6 on PDP_IP0 here :) PDP_IP1 (which is used for VoLTE) is already IPv6-only. Cheers, Sander
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi Philip, > In contrast NAT64 breaks existing systems in lots of subtle (and not so > subtle) ways. We cannot use NAT64 if we expect IPv4-only devices. I would expect such devices mostly in a home network (gaming consoles etc). On a business meeting network like RIPE the number of IPv4-only devices is negligible. > We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation. I am sure the few of us who run local DNSSEC validation would love the opportunity to make it work. Finding IPv4 literals and fixing them is a feature :) > The > 464XLAT component is complicated did cause signficant operational problems > in the past. > > The net result is that with dual stack and NAT64 we now have two options of > providing IPv6+IPv4 on a network. This is confusing to everybody who is not > a network engineer. This _is_ a RIPE meeting... > Does dual stack require more IPv4 addresses? No, there are (of course > multiple) > ways to provide dual stack on wifi without consuming additional public IPv4 > addresses. Plenty of ISPs provide consumers with dual stack wifi at home > while maintaining an IPv6-only access network. There is also more and more live deployment of IPv6-only with NAT64. I am honestly surprised by the back pressure in the RIPE community. If production networks can deploy this for millions of users, why should a small conference network with a huge number of network engineers be any problem? Cheers, Sander
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Philip Homburg writes: > NAT64 is also not attractive from a backward compatibility point of view: At the last meeting Enno talked[1] about plans for a large wireless deployment running v6 only + NAT64 / DNS64. As I know which "Supermarket" Enno is talking about: If this would be deployed in the next 6 month many participants of RIPE 80 would use such a network. Jens [1] https://ripe78.ripe.net/wp-content/uploads/presentations/117-RIPE78_ERNW_IPv6_Hotspots.pdf -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
>It makes sense because the people interested to test this have already >done so to the point of seeing no problems for themself. But that group >is biased, probably running their services at home like vpn gateways at >dual stack or IPv6-only already and therefore they might simply not >encounter problems that might otherwise still be common. As IPv4 scarcity >is a reality now, public wifi installations might want to use NAT64 >networks eventually. So it makes sense to find out what would break >and should be fixed before this is deployed unto an unsuspecting public. >A community of highly qualified networking experts appears to be the >right group of people to have for a test audience. A common complaint about IPv6 is that IPv6 is not just "IPv4 with longer addresses", but made all kinds of changes that come back to bite us. Another complaint is that there are almost always two ways of doing something and sometimes many more. So If we compare NAT64 on wifi with dual stack then we see both complaints in action. Dual stack is perfectly compatible with IPv4-only devices. In fact, it works so well that nobody even notices that they are connecting to a dual stack network. In contrast NAT64 breaks existing systems in lots of subtle (and not so subtle) ways. We cannot use NAT64 if we expect IPv4-only devices. We cannot use DNS64 if we expect IPv4 literals or local DNSSEC validation. The 464XLAT component is complicated did cause signficant operational problems in the past. The net result is that with dual stack and NAT64 we now have two options of providing IPv6+IPv4 on a network. This is confusing to everybody who is not a network engineer. Does dual stack require more IPv4 addresses? No, there are (of course multiple) ways to provide dual stack on wifi without consuming additional public IPv4 addresses. Plenty of ISPs provide consumers with dual stack wifi at home while maintaining an IPv6-only access network.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Am 08.10.19 um 18:14 schrieb Wolfgang Zenker: On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed. I would be a volunteer at ripe80, provided the DNS64/NAT64-Gateway isn't overbooked. That should be easy to ask 10 people. (the other 890 will not have problems at all) Do you want to investigate the problem? Do you want just switch to the classic network? Nobody will be without network and "we" would get an overview, where the problems are. Regards, Thomas -- There’s no place like ::1 Thomas Schäfer (Systemverwaltung) Ludwig-Maximilians-Universität Centrum für Informations- und Sprachverarbeitung Oettingenstraße 67 Raum C109 80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Philip Homburg [191008 20:47]: >> On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 >> while still providing the dual stack network as a fallback, preferably >> combined with a helpdesk staffed by volunteers ready to analyze any >> problems that attendees might have, strikes me as a pretty good opportunity >> to raise awareness and to find problems where further work is needed. >> From a host perspective, NAT64 directly on wifi is not attractive: it will > require an address translation component in every host to deal with legacy > applications that handle IPv4 literals. As I have used the NAT64 network at the last couple of meetings without any problems, I don't think there are that many applications around that woukd be used from the meeting network. Switching to NAT64 might help to get an impression of how widespread this kind of problem really is. > NAT64 is also not attractive from a backward compatibility point of view: > IPv4-only devices and hosts that are dual stack but lack the 464XLAT component > will fail. We are still talking about the default SSID at the RIPE meeting, right? I guess IPv4-only devices will be kind of rare as a client in that network, but of course that is only me guessing. As for dual-stack hosts: the NAT64 network comes with DNS64, so you will get a synthesised IPv6 address for IPv4-only targets and connect via that address. Maybe I misunderstood your point? > Considering those issues, why does it make sense to subject attendees of a > RIPE meeting to such a network? Anybody who wants to test can do that in the > current setup. Why trick other people into connecting to a network that > they are unlikely to encounter anywhere else? "Trick other people" is not the intention, of course this would have to be made public together with the SSID of the dual-stack network still running as a fallback, and whom to contact in case of problems. It makes sense because the people interested to test this have already done so to the point of seeing no problems for themself. But that group is biased, probably running their services at home like vpn gateways at dual stack or IPv6-only already and therefore they might simply not encounter problems that might otherwise still be common. As IPv4 scarcity is a reality now, public wifi installations might want to use NAT64 networks eventually. So it makes sense to find out what would break and should be fixed before this is deployed unto an unsuspecting public. A community of highly qualified networking experts appears to be the right group of people to have for a test audience. Wolfgang
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Geert Jan de Groot, Geert Jan de Groot wrote on 08/10/2019 12:56: In the Netherlands, there is no mobile operator providing IPv6 connectivity. None! That is technically _not_ true any-more. KPN *very recently* - 9/30/2019 - published information they are going to begin enabling v6 for mobile customers.[0][1][2][3] -- Chriztoffer [0]: https://twitter.com/internetthought/status/1178615698727346176 [1]: https://www.telecompaper.com/news/kpn-starts-moving-customers-to-ipv6--1310545 [2]: https://www.google.com/search?q=ipv6%20kpn%20mobile%20customer%20september%202019 [3]: https://forum.kpn.com/mobiele-diensten-18/ipv6-voor-het-mobiele-netwerk-479605 signature.asc Description: OpenPGP digital signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Tue, Oct 08, 2019 at 08:47:37PM +0200, Philip Homburg wrote: > Considering those issues, why does it make sense to subject attendees of a > RIPE meeting to such a network? "Raise awareness" comes to mind... Like "did your firewall vendor tell you that if you do VPN to your dual-stacked firewall over IPv6, you will only be able to reach IPv6 hosts on the inside"? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
>On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 >while still providing the dual stack network as a fallback, preferably >combined with a helpdesk staffed by volunteers ready to analyze any >problems that attendees might have, strikes me as a pretty good opportunity >to raise awareness and to find problems where further work is needed. >From a host perspective, NAT64 directly on wifi is not attractive: it will require an address translation component in every host to deal with legacy applications that handle IPv4 literals. NAT64 is also not attractive from a backward compatibility point of view: IPv4-only devices and hosts that are dual stack but lack the 464XLAT component will fail. Considering those issues, why does it make sense to subject attendees of a RIPE meeting to such a network? Anybody who wants to test can do that in the current setup. Why trick other people into connecting to a network that they are unlikely to encounter anywhere else?
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Job Snijders [191008 05:29]: > On Mon, Oct 07, 2019 at 08:11:41PM +0200, Enno Rey wrote: >> On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote: >>> * Martin Schr?der (mar...@oneiros.de) [191007 19:13]: Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > If I can get *one* person in this working group to go down to > their local coffee shop and make ipv6 work by whatever means > necessary (and Please start by eating your own dog food and make future RIPE meetings IPv6 only. >>> +1 >> we should definitely have a discussion about this in the 'open mic' >> slot in the wg in Rotterdam. Let's identify who to talk to, from the >> meetings' NOC and other circles within RIPE NCC, beforehand. > If folks are serious about killing dual-stack ... > Wouldn't it make more sense to first move this mailing list to an actual > ipv6-only environment? > Perhaps the WG could RIPE NCC to register a domain like > ripe-ipv6-only-wg.org. This domain would have authoritative nameservers > only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity > & a webserver with the charter, CoC, and mailing list archive only > accessible via IPv6. Much like how Marco David's dnslabs.nl is set up? I think both suggested measures (going 100% ipv6-only on the meeting network and on this mailing list) are a pretty bad idea. It might be useful if we want to congratulate ourselfes how cool we are and how good we can work in an IPv6-only environment, but it would have no use whatsoever to help the RIPE community and the internet at large to migrate towards a world where IPv6 is the "normal" protocol. On the other hand, switching the "default" meeting SSID to IPv6-only/NAT64 while still providing the dual stack network as a fallback, preferably combined with a helpdesk staffed by volunteers ready to analyze any problems that attendees might have, strikes me as a pretty good opportunity to raise awareness and to find problems where further work is needed. Wolfgang have,
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, there have been many great points made from the perspective of "edge / leaf networks" and end-user connectivity. An equally important is the serving side. One aspect often discussed are the availability of CDNs and major services. But another aspect are various SaaS and other non-infrastructure cloud deployments. Since I did XS26 20 years ago, I now found myself managing a growing set of cloud deployments on the SaaS side. And IPv6 is definitely not a first-class citizen, typically not configured by default, and often actually just unsupported. The current de-facto standard for modern deployments are Kubernetes clusters. And interestingly, I don't even have that clear an idea about how well it supports IPv6 given how completely irrelevant to our daily business life that is (even though I'm personally still subscribed e.g. to this mailing list). Apparently, K8s gained support for IPv6 just in the last year(!), but currently you have choice just between IPv4-only and IPv6-only and work on dualstack is still ongoing. Meanwhile, Docker+Kubernetes is *the* way to deploy cloud services everywhere right now, so that's a pretty tell-tale signal. And who knows what issues one will hit when at least the basic infrastructure is finally in place and can be enabled easily (or even becomes enabled by default). It's also not just about the technical capabilities, but also about the UX. Just replacing IPv4 with IPv6 in the addresses listed in the list of instances / pods / containers would have a huge influence on the mindset of the developers, but this by itself will need to overcome a huge friction. Also, entirely new major UX improvements will likely need to be developed, like having a DNS hostname autoconfiguration for every cluster unit so that you don't need to actually work with IP addresses manually anymore. So it's just not about using DNS for the fileserver (and every workstation) in your office LAN, but also about having one for each of the 1000 pods you have deployed in your microservice-oriented cluster in the cloud. Just wanted to add this perspective, from the cloud side - both the cloud providers, major cloud infrastructure frameworks and numerous other services still have ways to go to (A) support IPv6 at all, (B) support it without friction (esp. w/o endangering IPv4), (C) have first-class UX for IPv6 otherwise the mindset of users will be still IPv4-oriented. Kind regards, -- Petr Baudis, Rossum.ai Creating a world without manual data entry
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On 10/8/19 8:28 AM, Jen Linkova wrote: Dear WG, I apologise for coming late to the party, a long weekend to blame.. On Sun, Oct 6, 2019 at 10:53 AM Michel Py wrote: If you want a war that is your choice, but please go and fight it somewhere else. RIPE mailing lists are a place to be constructive and, as Job said, excellent to each other. Read the rest of my posts. I did not start the war. I did not start this thread. There are two ways to lose a war : lack of funds, and lack of courage. I have both. The war is global. Who do you think you are to tell me to take it somewhere else ? The chair of a mighty WG that has managed, in 20 years, to capture a whole 2.5% of the Internet traffic right in your own backyard at AMS-IX ? Kick me out of the mailing list, if you have the power to do so. [with my co-chair hat on] Michel, I understand that you might be upset with the current state of affairs. However I believe the whole discussion would be much more productive we we refrain from personal and/or provocative remarks. *especially* provocative remarks. I haven't seen such toxicity in anyone's messages in this list. This rhetoric is alien to this list (and community I believe and hope). Please, take it some place where its tolerated, not here Please be respectful to the WG participants, it would be highly appreciated. Thank you.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
In your letter dated Tue, 8 Oct 2019 12:56:15 +0200 you wrote: >In the Netherlands, there is no mobile operator providing IPv6 >connectivity. None! I cannot get IPv6 on my mobile connection! KPN announced last week (September 30) that they started providing mobile customers with IPv6. They seem quite careful, so it may take a while before they enable it everywhere. >Also, in the Netherlands, the one Internet-to-home provider providing >dual-stack IPv6 (w/o NAT mess) is being assimilated by it's parent who, >after twenty-five years, is still technologically behind and can't >deliver IPv6 themselves. As far as I know, KPN does have some IPv6 on DSL. Both Ziggo and KPN provide IPv6 with some sort of carrier grade NAT for IPv4. But it should be easy enough to obtain real IPv4 elsewhere...
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Folks, I've been out of the ISP business for a while now, but may I make some observations: Many of the major content providers are IPv6-enabled. The question is for end users, how to use IPv6 to access these services. In the Netherlands, there is no mobile operator providing IPv6 connectivity. None! I cannot get IPv6 on my mobile connection! Also, in the Netherlands, the one Internet-to-home provider providing dual-stack IPv6 (w/o NAT mess) is being assimilated by it's parent who, after twenty-five years, is still technologically behind and can't deliver IPv6 themselves. The mitigation to get IPv6 access for endusers who can't get IPv6 from their provider (sixxs.net) closed doors two year ago. I am not aware of any VPN-provider offering IPv6 service to allow endusers to augment the limited offering from their service provider. It isn't a matter of "switch to a provider who has", for endusers, there is *nothing to choose from*. We can do all kinds of exercises (IPv6-only event networks, eat-your-own-dogfood exercises), but there must be reasons for having a business case for not providing IPv6 to end users. Perhaps they are non-technical, but reasons they are; if there would be a business case, people would be doing it. And perhaps these (non-technical?) reasons should be something the WG can look at. A fair number of members of this WG are related to the ISP industry and perhaps can shine some light as to the "why don't you" for access providers? Geert Jan
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> > Wouldn't it make more sense to first move this mailing list to an actual > > ipv6-only environment? > > Bold move, but yes - why not? I'm assuming this is sarcasm -- unless we really want to isolate ourselves from the very people we should be reaching out to. Rob
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Job Snijders (j...@ntt.net) [191008 05:37]: > If folks are serious about killing dual-stack ... Hmm, I would rephrase that to: "If folks are serious about IPv6 and are willing to set a real incentive for this community to have a reality check and test their own infrastructure in a safe environment with losts of experts around..." Nobody wants to kill Dualstack right now. There will always be a legacy network as backup, like on every other RIPE meeting. But you won't see most of the common misconfigurations in a Dualstack Environment and it's time to move out of your comfort zone now. Manually switching from default SSID to some legacy fallback should not be a problem for those people with intentionally old infrastructure. People who still run Windows 95 in 2019 will clearly have the expertise to klick on a button, right? > Wouldn't it make more sense to first move this mailing list to an actual > ipv6-only environment? Bold move, but yes - why not? By now, everybody with fairly recent infrastructure should have at least Dualstack on their mailservers, so this shouldn't impose any problem, right? > Perhaps the WG could RIPE NCC to register a domain like > ripe-ipv6-only-wg.org. This domain would have authoritative nameservers > only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity > & a webserver with the charter, CoC, and mailing list archive only > accessible via IPv6. Much like how Marco David's dnslabs.nl is set up? Nice idea. You would have my support for this. Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
In your letter dated Mon, 7 Oct 2019 19:12:37 +0200 you wrote: >Please start by eating your own dog food and make future RIPE meetings >IPv6 only. I'm curious, who's dog food is that? None of the networks I connect to using wifi is 'IPv6-only'. I would love to drop IPv4 support in the code I write, but reality will be that I will have to support IPv4 for a long time.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
You should know the difference between IPv6-only mailhosts and IPv6-only Wi-Fi + DNS64/NAT64.ThomasAm 08.10.2019 05:29 schrieb Job Snijders :On Mon, Oct 07, 2019 at 08:11:41PM +0200, Enno Rey wrote: > On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote: > > * Martin Schr?der (mar...@oneiros.de) [191007 19:13]: > > > Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > > > > If I can get *one* person in this working group to go down to > > > > their local coffee shop and make ipv6 work by whatever means > > > > necessary (and > > > > > > Please start by eating your own dog food and make future RIPE > > > meetings IPv6 only. > > > > +1 > > > > Bj?rn > > we should definitely have a discussion about this in the 'open mic' > slot in the wg in Rotterdam. Let's identify who to talk to, from the > meetings' NOC and other circles within RIPE NCC, beforehand. If folks are serious about killing dual-stack ... Wouldn't it make more sense to first move this mailing list to an actual ipv6-only environment? Perhaps the WG could RIPE NCC to register a domain like ripe-ipv6-only-wg.org. This domain would have authoritative nameservers only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity & a webserver with the charter, CoC, and mailing list archive only accessible via IPv6. Much like how Marco David's dnslabs.nl is set up? Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Dear WG, I apologise for coming late to the party, a long weekend to blame.. On Sun, Oct 6, 2019 at 10:53 AM Michel Py wrote: > > If you want a war that is your choice, but please go and fight it somewhere > > else. RIPE > > mailing lists are a place to be constructive and, as Job said, excellent to > > each other. > > Read the rest of my posts. I did not start the war. I did not start this > thread. > There are two ways to lose a war : lack of funds, and lack of courage. I have > both. > > The war is global. Who do you think you are to tell me to take it somewhere > else ? > The chair of a mighty WG that has managed, in 20 years, to capture a whole > 2.5% of the Internet traffic right in your own backyard at AMS-IX ? > > Kick me out of the mailing list, if you have the power to do so. [with my co-chair hat on] Michel, I understand that you might be upset with the current state of affairs. However I believe the whole discussion would be much more productive we we refrain from personal and/or provocative remarks. Please be respectful to the WG participants, it would be highly appreciated. Thank you. -- SY, Jen Linkova aka Furry
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Mon, Oct 07, 2019 at 08:11:41PM +0200, Enno Rey wrote: > On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote: > > * Martin Schr?der (mar...@oneiros.de) [191007 19:13]: > > > Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > > > > If I can get *one* person in this working group to go down to > > > > their local coffee shop and make ipv6 work by whatever means > > > > necessary (and > > > > > > Please start by eating your own dog food and make future RIPE > > > meetings IPv6 only. > > > > +1 > > > > Bj?rn > > we should definitely have a discussion about this in the 'open mic' > slot in the wg in Rotterdam. Let's identify who to talk to, from the > meetings' NOC and other circles within RIPE NCC, beforehand. If folks are serious about killing dual-stack ... Wouldn't it make more sense to first move this mailing list to an actual ipv6-only environment? Perhaps the WG could RIPE NCC to register a domain like ripe-ipv6-only-wg.org. This domain would have authoritative nameservers only reachable via IPv6, an MTA that doesn't have any IPv4 connectivity & a webserver with the charter, CoC, and mailing list archive only accessible via IPv6. Much like how Marco David's dnslabs.nl is set up? Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Dave Taht writes: Dave, > If I can get *one* person in this working group to go down to their > local coffee shop and make ipv6 work by whatever means necessary (and > also fix their bufferbloat) - I'll consider my participation in this > thread a success. you have to be strong now. Your participation in this list is not a success. I know at least two places I'd count as coffee shop (besides coffee they also server real breakfast, lunch, dinner, cocktails, ...) who I don't need to convince to do IPv6. They just do it. I get a RFC1918 address and a global IPv6 address. And they don't mangle DNS, they don't have any strange portal where you have to accept an unknown usage policy. You just sit down, connect to the wireless and can work. One of those stores is just a couple of hundred meters from my current hotel so I consider it "local". And as they have around 90 franchise partners in Germany probably there are more then two offer 2 shops offering this service. Jens -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Mon, Oct 07, 2019 at 08:05:18PM +0200, Bjoern Buerger wrote: > * Martin Schr?der (mar...@oneiros.de) [191007 19:13]: > > Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > > > If I can get *one* person in this working group to go down to their > > > local coffee shop and make ipv6 work by whatever means necessary (and > > > > Please start by eating your own dog food and make future RIPE meetings > > IPv6 only. > > +1 > > Bj?rn > we should definitely have a discussion about this in the 'open mic' slot in the wg in Rotterdam. Let's identify who to talk to, from the meetings' NOC and other circles within RIPE NCC, beforehand. cheers Enno -- Enno Rey theinternetprotocol.blog Twitter: @Enno_Insinuator
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Dave Taht (dave.t...@gmail.com) [191007 18:04]: > If I can get *one* person in this working group to go down to their > local coffee shop and make ipv6 work by whatever means necessary (and > also fix their bufferbloat) - I'll consider my participation in this > thread a success. [done] make Daves participation a success by helping local community downstairs to be IPv6 enabled. Actually, did that multiple times, not only with local coffeeshops. Also Hotels on the list. I guess, that converts me into a certified IPv6 zealot. Sorry about that ;-) [ ./. ] Bufferbloat well. This is the IPv6 working group. Maybe ask somewhere else... Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Martin Schröder (mar...@oneiros.de) [191007 19:13]: > Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > > If I can get *one* person in this working group to go down to their > > local coffee shop and make ipv6 work by whatever means necessary (and > > Please start by eating your own dog food and make future RIPE meetings > IPv6 only. +1 Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Mon, Oct 7, 2019 at 10:31 AM wrote: > > Fair enough Dave, I can't fix any of that - but this thread is so despondent, > I just hoped to make a few people smile! At one level, now knowing my own ennui is shared so widely cheers me up. "Pain shared, reduced, Joy shared, increased" - spider robinson But after throwing a few glasses of grief in the fireplace, it would be good to find ways of making constructive progress forward. > There are areas of IPv6 success and I consider my (small) participation a few > years ago to getting the UK's biggest mobile network onto native IPv6 one of > those successes > > Regards > > Bob > > -Original Message- > From: Dave Taht > Sent: 07 October 2019 17:37 > To: Sleigh,R,Bob,VQI R > Cc: Bjoern Buerger ; ipv6-wg@ripe.net IPv6 > > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > On Mon, Oct 7, 2019 at 9:23 AM wrote: > > > > Congratulations on your contribution to success Dave! > > > > Regards > > > > Bob > > > > Sent from my local coffee shop - using my EE Mobile over native IPv6 > > Yea! thank you! That cheers me up a lot. I hadn't found a single coffee shop > yet that had it. But my request was that someone go to their local coffee > shop and *make* it work when it didn't already. > > Care to go for 2/2? Test for bufferbloat via dslreports.com and/or flent's > rrul test? > > > -Original Message----- > > From: ipv6-wg On Behalf Of Dave Taht > > Sent: 07 October 2019 17:04 > > To: Bjoern Buerger > > Cc: ipv6-wg@ripe.net IPv6 > > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > > > If I can get *one* person in this working group to go down to their local > > coffee shop and make ipv6 work by whatever means necessary (and also fix > > their bufferbloat) - I'll consider my participation in this thread a > > success. > > > > > -- > > Dave Täht > CTO, TekLibre, LLC > http://www.teklibre.com > Tel: 1-831-205-9740 -- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Fair enough Dave, I can't fix any of that - but this thread is so despondent, I just hoped to make a few people smile! There are areas of IPv6 success and I consider my (small) participation a few years ago to getting the UK's biggest mobile network onto native IPv6 one of those successes Regards Bob -Original Message- From: Dave Taht Sent: 07 October 2019 17:37 To: Sleigh,R,Bob,VQI R Cc: Bjoern Buerger ; ipv6-wg@ripe.net IPv6 Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? On Mon, Oct 7, 2019 at 9:23 AM wrote: > > Congratulations on your contribution to success Dave! > > Regards > > Bob > > Sent from my local coffee shop - using my EE Mobile over native IPv6 Yea! thank you! That cheers me up a lot. I hadn't found a single coffee shop yet that had it. But my request was that someone go to their local coffee shop and *make* it work when it didn't already. Care to go for 2/2? Test for bufferbloat via dslreports.com and/or flent's rrul test? > -Original Message- > From: ipv6-wg On Behalf Of Dave Taht > Sent: 07 October 2019 17:04 > To: Bjoern Buerger > Cc: ipv6-wg@ripe.net IPv6 > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > If I can get *one* person in this working group to go down to their local > coffee shop and make ipv6 work by whatever means necessary (and also fix > their bufferbloat) - I'll consider my participation in this thread a success. > -- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Mon, Oct 7, 2019 at 9:16 AM Job Snijders wrote: > > Dear Dave, > > On Mon, Oct 7, 2019 at 4:04 PM Dave Taht wrote: > > If I can get *one* person in this working group to go down to their > > local coffee shop and make ipv6 work by whatever means necessary (and > > also fix their bufferbloat) - I'll consider my participation in this > > thread a success. > > That may be how you measure success yourself, however I measure > differently: I consider your input in this thread insightful and > valuable, regardless of the coffee shop's connectivity. :blush: I have some feedback on a couple other things that have gone by on these threads that I guess you just encouraged me to write. You might regret encouraging me, but here's something that just poured out. > Influencing the connectivity of any public place (bar, coffee shop, or > mall) who don't consider their internet access service their core > business, can be really tricky. Any anecdotal data gleaned from that > experience is just that, anecdotal. Every journey begins with a single step. *enough* anecdotal experience (and a unified set of questions to ask) gathered this way turns into scientific evidence and a plan for making things better along this portion of the edge. It's less complicated to turn your local coffee shop owner on than it is to convince an enterprise. (besides, it's fun - I work 2 days a week out of coffee shops - and in my (our!) best interest to make the coffee shop's internet work as good as possible. For all I know the gig will turn into money - if only my patreon was about 10x higher (https://www.patreon.com/dtaht) I could stop working on "pets.com" stuff to stay alive - and try to work on more difficult issues more regularly) So like I said, it would be great if more folk fixed their local coffee shop and got first hand experience at low scale with the real issues remaining with ipv6 deployment. I've worked on a few "newer" ipv6 related technologies that might help speed deployment. as well as observed a few things about networks along the edge. Since I'm new around here, for those that don't know - I used to live in Nicaragua, where I first volunteered for the OLPC project. I fell in love with life down there, until my wifi failed in the rainy season due to bufferbloat (if anyone here wants more of that origin story for how cerowrt came to be, see: https://www.youtube.com/watch?v=Wksh2DPHCDI ). There was zero IPv6 deployed there along the edge when I was last there (and given the political situation, it's unlikely I'll go back soon). There was no local place to tunnel, either. The fiber along the highway between nicaragua and coasta rica had been cut years prior and nobody was moving to replace it. Still, from 2006- 2011 we went from adhoc wifi links going over the mountain to a cable and fiber deployment that sort of worked. The fiber deployment was *weird* single channel stuff, and the cable deployment typically was 5Mbit/1mbit when I was last there (2016). The ISPs cheaped out greatly on all the gear, all the gear was not rated for high temp and humidity and failed a lot, and I have pictures of what your typical electrical and network cabling look like down there that will make you shudder Anyway... Multiple small coffee shops and hotels down in SJDS have the most debloated internet possible - 'cause I talked folk into turning stuff on (between surfing excursions and boat drinks) they already had. Over the years I used that distance to test in the real world codel's (and BBR's) response to longer RTTs, and most recently sch_cake ( https://arxiv.org/pdf/1804.07617.pdf ) - (The other major place we test long RTTs is on the island of mauritus) Anyway, my mission #1 is to upgrade the middleboxes worldwide, to fix bufferbloat. While we're doing that it would pay to try and deploy newer stuff like ipv6, DNSSEC, mo' ipv4, observe what users outside the english speaking community are doing, and so on. Here's some traceroutes, please let me talk to them: http://blog.cerowrt.org/post/nicaragua/ All the classic ipv6 over ipv4 tunnelling technologies failed. I was able to get stuff over udp4 to be fairly reliable, but not to any standard anyone here is used to. Power often flickers 6+ times a day, and hitting reload on websites massively common - try to nail up a tcp or ssh connection and good luck for more than a few hours. This was kind of the advantage to trying to do ipv6 tunnels as my ssh connections would survive a blink. But who cares about ssh in a web world? Now, based on some of those experiences - I tended to regard reliable power distribution as a key starting point. Education - in spanish - the next one. How much ipv6 training is there in spanish? Getting ipv4 to work at all is a high demand item due to the tourist trade, and things like skype and whatsapp are the big tourist applications, whatsapp and yourube (due to the literacy problem) the big apps for locals. Cell rolled out *amazinging* in
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Am Mo., 7. Okt. 2019 um 18:04 Uhr schrieb Dave Taht : > If I can get *one* person in this working group to go down to their > local coffee shop and make ipv6 work by whatever means necessary (and Please start by eating your own dog food and make future RIPE meetings IPv6 only. Best Martin
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi Enno Not off the top of my head, but I'll ask around... Regards Bob -Original Message- From: Enno Rey Sent: 07 October 2019 17:36 To: Sleigh,R,Bob,VQI R Cc: dave.t...@gmail.com; b.buer...@penguin.de; ipv6-wg@ripe.net Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? Bob, not meaning to spoil the party but while we're at it, and out of genuine interest: can you give us an update on the status of IPv6 in the Non-EE part of BT Consumer? thanks Enno On Mon, Oct 07, 2019 at 04:27:00PM +, bob.sle...@bt.com wrote: > Congratulations on your contribution to success Dave! > > Regards > > Bob > > Sent from my local coffee shop - using my EE Mobile over native IPv6 > > -Original Message- > From: ipv6-wg On Behalf Of Dave Taht > Sent: 07 October 2019 17:04 > To: Bjoern Buerger > Cc: ipv6-wg@ripe.net IPv6 > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > If I can get *one* person in this working group to go down to their local > coffee shop and make ipv6 work by whatever means necessary (and also fix > their bufferbloat) - I'll consider my participation in this thread a success. > -- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Mon, Oct 7, 2019 at 9:23 AM wrote: > > Congratulations on your contribution to success Dave! > > Regards > > Bob > > Sent from my local coffee shop - using my EE Mobile over native IPv6 Yea! thank you! That cheers me up a lot. I hadn't found a single coffee shop yet that had it. But my request was that someone go to their local coffee shop and *make* it work when it didn't already. Care to go for 2/2? Test for bufferbloat via dslreports.com and/or flent's rrul test? > -Original Message- > From: ipv6-wg On Behalf Of Dave Taht > Sent: 07 October 2019 17:04 > To: Bjoern Buerger > Cc: ipv6-wg@ripe.net IPv6 > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > If I can get *one* person in this working group to go down to their local > coffee shop and make ipv6 work by whatever means necessary (and also fix > their bufferbloat) - I'll consider my participation in this thread a success. > -- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Bob, not meaning to spoil the party but while we're at it, and out of genuine interest: can you give us an update on the status of IPv6 in the Non-EE part of BT Consumer? thanks Enno On Mon, Oct 07, 2019 at 04:27:00PM +, bob.sle...@bt.com wrote: > Congratulations on your contribution to success Dave! > > Regards > > Bob > > Sent from my local coffee shop - using my EE Mobile over native IPv6 > > -Original Message- > From: ipv6-wg On Behalf Of Dave Taht > Sent: 07 October 2019 17:04 > To: Bjoern Buerger > Cc: ipv6-wg@ripe.net IPv6 > Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? > > If I can get *one* person in this working group to go down to their local > coffee shop and make ipv6 work by whatever means necessary (and also fix > their bufferbloat) - I'll consider my participation in this thread a success. > -- Enno Rey Cell: +49 173 6745902 Twitter: @Enno_Insinuator
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Congratulations on your contribution to success Dave! Regards Bob Sent from my local coffee shop - using my EE Mobile over native IPv6 -Original Message- From: ipv6-wg On Behalf Of Dave Taht Sent: 07 October 2019 17:04 To: Bjoern Buerger Cc: ipv6-wg@ripe.net IPv6 Subject: Re: [ipv6-wg] Have we failed as IPv6 Working Group? If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Dear Dave, On Mon, Oct 7, 2019 at 4:04 PM Dave Taht wrote: > If I can get *one* person in this working group to go down to their > local coffee shop and make ipv6 work by whatever means necessary (and > also fix their bufferbloat) - I'll consider my participation in this > thread a success. That may be how you measure success yourself, however I measure differently: I consider your input in this thread insightful and valuable, regardless of the coffee shop's connectivity. Influencing the connectivity of any public place (bar, coffee shop, or mall) who don't consider their internet access service their core business, can be really tricky. Any anecdotal data gleaned from that experience is just that, anecdotal. Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
If I can get *one* person in this working group to go down to their local coffee shop and make ipv6 work by whatever means necessary (and also fix their bufferbloat) - I'll consider my participation in this thread a success.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Mikael Abrahamsson (swm...@swm.pp.se) [191007 12:45]: > On Android/iOS I'd say it's production ready. Yes. > On classic desktop OSes like MacOS, Windows and Linux it's not. > The difference is the presence of widely available 464XLAT support. >From my observation, that's correct. Theoretically, there may be better solutions, but 464XLAT ist just fine and does the job. Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
* Gert Doering (g...@space.net) [191007 12:56]: > I take a bit of offense here. We did what we could to "protect the > newcomers" with the "last /22" policy, but "gone is gone" - there just is > not enough v4, what else could we have done? Let me answer this from the newcomer's side: You did good and the policy is fine as it is. Some of us just adapted and implemented IPv6 rightaway, taking those breadcrumbs of v4 as fallback, while the dinosaurs kept whining about missing IPv6 support for their outdated windows 95 machines (which could be funny, if it wasn't so pathetic). We did this despite the fact that the old economy will use it's legacy ressources to keep us out of the business and those who couldn't afford to wait for the dinosaurs to die out are using lots of cash to ease their pain. Most newcomers COULD easily go v6-only and although there would be problems, they would be able to handle that while moving forward. That is ... IF those dinosaurs would move just a tiny bit and at least implemented a minimum of IPv6 on their public services and at least application proxies or nat64 for the rest of their cruft. But it's the same story as with climate change: The next generation doesn't have a voice in this game, but will pay for the greed of those who where lucky enough to be there for a long time when plenty of ressources where available and the same legacy people are now whining about the cost of change. Bjørn
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Kai 'wusel' Siering wrote on 07/10/2019 12:28: On 07.10.19 13:21, Job Snijders wrote: Perhaps Kai referred to the RIR system as a whole I did. "the RIR system" does not mean "only RIPE". spreading the blame out doesn't change much. The problem of ipv4 exhaustion has been under discussion since the early 1990s, and that discussion encompassed the role of the RIRs as a whole, 240/4, ipv6, the role of fairness in ip addressing policies and lots more besides. You're welcome to propose that large cdns be assigned 240/4, although I wonder about the optics and wisdom of handing out this address space exclusively to the large players, and politely declining everyone else. Nick
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
We can surely pack up and go home after scraping up a /4. And we can even give it tactically to critical content delivery so people will be forced to move on it. As we speak the mobile industry is discussing IMSI depletion as it gears up to connect billion(s) of new gadgets to 5G. This is not a v4 vs v6 war, it’s v4 and v6. If anything, v6 should be focusing and doubling down on the new uses coming along and not freting about IT managers of broken intranets. > On 7 Oct 2019, at 11:33, Kai 'wusel' Siering wrote: > > Am 07.10.19 um 06:07 schrieb Michel Py: >>> Kai 'wusel' Siering >>> Rationale: an internal network needing more than 16 million IPv4 addresses >>> (10/8) does have the power to solve their >>> addressing needs with IPv6. This isn't true for newcomers that have to deal >>> with old players not enabling v6. >> I do not agree because it does not fit my use-case, but this is the best >> argument I have heard for many years. >> >> Keep in mind though : your idea is great, but it has been tried many times, >> for more than a decade, including by people who are respected players, big >> shots, and have serious clout, and it has repeatedly failed. What makes you >> think that you can make it work ? Everyone has tried, everyone has failed. >> Multiple times. > > What exactly are you asking about? Un-reserving 240/4 in general, or adding > it to the public space instead of wasting just more precious v4 space on > intranets? First, and again, I do not aim to 'liberate' 240/4, 0/8 or 127/8. > From my perspective IPv4 entered the stage 30+ years ago and is now on it's > farewell tour — which will take some more decades, until it finally becomes > irrelevant in the DFZ. Any changes to it, like changing 240/4's status, is > robbing a dead body. But _if_ people are considering to do this, to me public > unicast is the only valid option. Again, if you need more that 16 million IPs > for your intranet, IPv6 is your answer. I understand you dislike that, fine > by me; so go and grab unannounced public space, just be prepared for > renumbering. A quarter of 44/8 is already in active use by AWS, more of that > will happen: The Clouds need unprecedented amounts of v4 space. > > I have no doubt the RIR system will again fail to protect the newcomers, but > raising my voice is the only thing I can do. I'm not a LIR, ATM I don't > represent a LIR — and even if, as you already said, it's the money that > decides. Which means: 240/8 e. g. needs to go to and used by AWS, 241/8 to > GCP, 242/8 to CF; that should give lazy eyeball ISPs a reason to fix their v4 > gear, and I think 6 months from an IANA announcement of 240/4 becoming public > unicast to the first allocating is plenty of time for those involved. Would > that fix end-to-end globally? No. Does it matter? Not really. ISP<>Cloud/CDN > is what matters today; the rest will follow, taking the scenic route. > >> I must have missed what news you have about it. > > You have missed my point completely – see the "please note" in my post –, > presumably as it doesn't fit your point of view. I also have "enough" v4 > space for the forseeable future for my use case; I came early to the party, > and covered my needs. Unlike you, though, I still do look out of my swampy > pool and ponder about how things _should_ be, in that tiny dinosaur brain of > mine ;) > -kai > > >
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On 07.10.19 13:21, Job Snijders wrote: > Perhaps Kai referred to the RIR system as a whole I did. "the RIR system" does not mean "only RIPE". -kai
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Moin, on 07.10.19 12:56, Gert Doering wrote: > I take a bit of offense here. That's sad, and unintended; but that topic is totally OT here, as it is v4-only and about 1992-20something. -kai
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Perhaps Kai referred to the RIR system as a whole, not RIPE specifically. If a /4 goes to the RIRs that would be a perspective we’d need to consider on a global scale. On Mon, Oct 7, 2019 at 20:19 Nick Hilliard wrote: > Gert Doering wrote on 07/10/2019 11:56: > > I take a bit of offense here. We did what we could to "protect the > > newcomers" with the "last /22" policy, but "gone is gone" - there just is > > not enough v4, what else could we have done? > > No need to take offense - it's normal for our species to want to assign > blame when we're upset, and even more normal to want to fling poo at > other people to show how upset we are. > > It's not as if ipv4 exhaustion snuck up on everyone unnoticed. If > people don't like how things were handled, then why they didn't pipe up > with their suggestions while the problem was being discussed any time > over the last 25 years? It seems a bit odd to start complaining at the > point that the registries were scraping the last bits of address space > from the bottom of the barrel. > > Nick > >
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Gert Doering wrote on 07/10/2019 11:56: I take a bit of offense here. We did what we could to "protect the newcomers" with the "last /22" policy, but "gone is gone" - there just is not enough v4, what else could we have done? No need to take offense - it's normal for our species to want to assign blame when we're upset, and even more normal to want to fling poo at other people to show how upset we are. It's not as if ipv4 exhaustion snuck up on everyone unnoticed. If people don't like how things were handled, then why they didn't pipe up with their suggestions while the problem was being discussed any time over the last 25 years? It seems a bit odd to start complaining at the point that the registries were scraping the last bits of address space from the bottom of the barrel. Nick
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Mon, Oct 07, 2019 at 12:33:33PM +0200, Kai 'wusel' Siering wrote: > I have no doubt the RIR system will again fail to protect the newcomers, I take a bit of offense here. We did what we could to "protect the newcomers" with the "last /22" policy, but "gone is gone" - there just is not enough v4, what else could we have done? Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sun, 6 Oct 2019, Wolfgang Zenker wrote: Also for many years, we don't actually do it. And whoever it is that decides not to do it, is certainly part of the RIPE community. The only reason I can see is that at least that part of the RIPE community does not consider IPv6-only + NAT64 to be "production ready". On Android/iOS I'd say it's production ready. On classic desktop OSes like MacOS, Windows and Linux it's not. The difference is the presence of widely available 464XLAT support. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Am 07.10.19 um 06:07 schrieb Michel Py: >> Kai 'wusel' Siering >> Rationale: an internal network needing more than 16 million IPv4 addresses >> (10/8) does have the power to solve their >> addressing needs with IPv6. This isn't true for newcomers that have to deal >> with old players not enabling v6. > I do not agree because it does not fit my use-case, but this is the best > argument I have heard for many years. > > Keep in mind though : your idea is great, but it has been tried many times, > for more than a decade, including by people who are respected players, big > shots, and have serious clout, and it has repeatedly failed. What makes you > think that you can make it work ? Everyone has tried, everyone has failed. > Multiple times. What exactly are you asking about? Un-reserving 240/4 in general, or adding it to the public space instead of wasting just more precious v4 space on intranets? First, and again, I do not aim to 'liberate' 240/4, 0/8 or 127/8. From my perspective IPv4 entered the stage 30+ years ago and is now on it's farewell tour — which will take some more decades, until it finally becomes irrelevant in the DFZ. Any changes to it, like changing 240/4's status, is robbing a dead body. But _if_ people are considering to do this, to me public unicast is the only valid option. Again, if you need more that 16 million IPs for your intranet, IPv6 is your answer. I understand you dislike that, fine by me; so go and grab unannounced public space, just be prepared for renumbering. A quarter of 44/8 is already in active use by AWS, more of that will happen: The Clouds need unprecedented amounts of v4 space. I have no doubt the RIR system will again fail to protect the newcomers, but raising my voice is the only thing I can do. I'm not a LIR, ATM I don't represent a LIR — and even if, as you already said, it's the money that decides. Which means: 240/8 e. g. needs to go to and used by AWS, 241/8 to GCP, 242/8 to CF; that should give lazy eyeball ISPs a reason to fix their v4 gear, and I think 6 months from an IANA announcement of 240/4 becoming public unicast to the first allocating is plenty of time for those involved. Would that fix end-to-end globally? No. Does it matter? Not really. ISP<>Cloud/CDN is what matters today; the rest will follow, taking the scenic route. > I must have missed what news you have about it. You have missed my point completely – see the "please note" in my post –, presumably as it doesn't fit your point of view. I also have "enough" v4 space for the forseeable future for my use case; I came early to the party, and covered my needs. Unlike you, though, I still do look out of my swampy pool and ponder about how things _should_ be, in that tiny dinosaur brain of mine ;) -kai
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi all, On 05/10/2019 15:05, Lee Howard wrote: >> that said, we need more running code, still, which only then can >> get into a deployment, and nobody's funding that. > > Do you mean CeroWRT specifically, or code in general? > > I was thinking about some Hackathon projects to add IPv6 capability to > open source projects. here are the results of the IPv6-themed hackathon we did 2 years ago: https://labs.ripe.net/Members/becha/results-hackathon-version-6 One of the projects have added some IPv6 capability to PCAP tools (libpcap) ... (links to code: https://github.com/RIPE-Atlas-Community/ripe-atlas-community-contrib/blob/master/README.md ) If you are interested in a follow-up event in 2020, please contact me. Regards, Vesna Manojlovic Community Builder RIPE NCC
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Kai 'wusel' Siering > Rationale: an internal network needing more than 16 million IPv4 addresses > (10/8) does have the power to solve their > addressing needs with IPv6. This isn't true for newcomers that have to deal > with old players not enabling v6. I do not agree because it does not fit my use-case, but this is the best argument I have heard for many years. Keep in mind though : your idea is great, but it has been tried many times, for more than a decade, including by people who are respected players, big shots, and have serious clout, and it has repeatedly failed. What makes you think that you can make it work ? Everyone has tried, everyone has failed. Multiple times. I must have missed what news you have about it. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Uros Gaber wrote : > But what other solution do you see, a brand new protocol that takes another x > years for adoption, > that will in far end still cause dual or better yet triple stack deployment? No. It has to be a single-stack protocol fully backwards compatible. Dual-stacking is the fatal flaw. In the old days, the thinking was something like "oh everyone will dual-stack for 2 or 3 years, and then IPv4 will die". The problem is, we are 20 years into it already and possibly another 20 years going forward. Dual-stacking for 40 years is not a solution. Yes, it will take decades, especially since it is not even started. I have all the time in the world. > IPv4 will not be dead any time soon, this I think is clear to anyone dealing > in network deployment, I don't think it is to everyone. I don't know if you read Nanog, do you know what the latest idea an IPv6 crackhead came up with to accelerate deployment ? Taxing IPv4. A $2/mo/per IP tax, worldwide. https://mailman.nanog.org/pipermail/nanog/2019-October/103279.html https://mailman.nanog.org/pipermail/nanog/2019-October/103280.html I'm guessing that what comes next is a constitutional amendment to prohibit IPv4. > but again it (should) also be clear to these same people that to sustain and > keep > the anywhere-to-everywhere connectivity the IPv6 is the only viable option. It's not even on the agenda. I don't have to be ready. I am quite happy in my dinosaur swamp with my dinosaur friends, my dinosaur supply chain, my dinosaur customers, and my dinosaur transit providers. My swamp is quite big, too. It's called the Internet. The asteroid that was supposed to extinct us came, 4 years ago in the ARIN region. Did not hit anybody I know. Did not even feel any heat or tremors. The extinction event did not happen. I don't need the anywhere-to-everywhere connectivity. As a matter of fact, if the Internet becomes balkanized and v4 and v6 split, I would not mind a bit. The IPv4 ecosystem is big enough to survive on its own for the next 30 years. There are plenty of dinosaurs left, and a lot of them have pretty big teeth. Who's next on my dinner menu ? Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Olivier MJ Crépin-Leblond wrote : > I don't mean to be criticising in any way, but running services on obsolete > operating systems is a risk in itself, if the computer is connected to the > Internet. We are well-aware of the risks. None of the production computers have Internet access. Most of the time, there is no DNS either, the USB ports (if recent enough) are disabled, there usually is a mouse or trackball or lightpen but not always a keyboard. Somehow, that data will eventually end up somewhere on an Internet portal that customers can access, but there are complex processes in between. > Everything has a sell by date. All hardware becomes obsolete too. We are painfully aware of that, too. And we have spares dating back to the 486 area. We machine or 3D print some parts. We replace surface-mount ICs if required. I'm trying to VM these, but they often require some proprietary hardware that can't even be VM'ed. Because everyone has asked, why don't I just e-waste these pieces of antique junk ? because they drive a multi-ton multi-million tool that will take a year to replace with a team of two dozen people. Just the man hours are several hundred thousand dollars or possibly over a million, not to mention the cost of the tool. And even if the new tool runs on newer hardware and OS that could support IV6, the proprietary app probably won't in the first place. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Moin, am 06.10.19 um 10:59 schrieb Gert Doering: > Hi, > > On Sun, Oct 06, 2019 at 12:38:14AM +0200, Kai 'wusel' Siering wrote: >> If 240/4 is to be given a different status than "reserved", the >> only valid option is "public unicast", spread across the RIRs as >> recovered space. As has been stated here may times, IPv4 is here >> to stay, so it's vital that relevant amounts of "new" space are put >> into the public pool. > I'd actually say "private" is a better denomination. > > To make this useful as "public unicast", you need to upgrade *everything* > in the path between a device using 240/4 and "whatever it wants to talk to", > because un-upgraded routers or firewalls will just drop your packets > otherwise - so, if RIPE were to give out a subnet of 240/4, it would not > be very useful for "Internet" usage. I didn't say it would be a quick win; I'm aware of the issues. 240/4 space would remain of limited reachability for the forseeable future. After being declared to become public space via an RFC, devices that still receive updates will learn about 240/4, thus lessening the reachablility issue over time, though. Rationale: an internal network needing more than 16 million IPv4 addresses (10/8) does have the power to solve their addressing needs with IPv6. This isn't true for newcomers that have to deal with old players not enabling v6. Please note: I'm not proposing do touch 240/4, 0/8 or 127/8, but _if_ those are touched, they should be given to the public. Regards, -kai
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi Jen, * Jen Linkova [191005 03:46]: > On Fri, Oct 4, 2019 at 5:41 AM Wolfgang Zenker wrote: >> ... the default network at RIPE Meetings is the dual-stack network, with >> the IPv6-only (NAT64) network as a barely used extra which is "supported >> on a best effort basis". With the effect that almost no-one except a few >> "ipv6 zealots" uses it. This tells me that a significant part of the >> RIPE community does not only consider this setup "not production ready" >> but expects an amount of breakage so huge that it's not acceptable to >> try it out and see what would actually break (while still offering a >> dual-stack network as a fallback, of course). > I'm not sure I can follow the logic here. What you are saying about > 'do not consider production ready' would have been true if users made > a decision which SSID to connect every time (and that decision took > into account the protocol version). But it's clearly not the case. > First time attendees connect to whatever SSID is specified in the > booklet and/or has the most intuitive name. Returning attendees let > their laptops/phones connect to SSID their devices remember. > There is an SSID which has been there for years, which is printed on > the booklets etc and it's name matches the meeting name. > And there are other SSIDs - which are not listed in the booklet, their > names are longer (which for MacOS at least might mean that they are > shown *below* the main one in the list) etc. I'm sure that even if all > of them were dual-stack, the main one would have attracted the vast > majority of the userbase. I guess you misunderstood what I was trying to say here. For years we have had the "default network" (dual stack) and the "experimental?" network (ipv6 + NAT64). And for years some people have asked to make the ipv6/nat64 network the "default network" and give a different SSID to the dual stack network, with the intention to see real usage on the ipv6-only network (which would happen because people are lazy). That should enable us to find any remaining problems quickly, and should hopefully show to the users that IPv6 is something that works and is nothing to be afraid of. Also for many years, we don't actually do it. And whoever it is that decides not to do it, is certainly part of the RIPE community. The only reason I can see is that at least that part of the RIPE community does not consider IPv6-only + NAT64 to be "production ready". >> [..] >> I maybe wouldn't call the IPv6 WG "failed", but it clearly still has a >> long way to go until we can claim "mission accomplished". > I do not think anyone promised it's going to be easy ;) > On a more serious note, two things: > 1) I quickly checked the 2013 survey. It does not even mention IPv6. > Are you still calling it 'no progress' and 'failure'? ;) > 2) By lucky coincidence we have a slot in Rotterdam to discuss the > working group strategy and future. Let's talk about it. Seeing that timeslot on the agenda was actually one reason for me to start this thread, to get discussions started ahead of the meeting. Greetings, Wolfgang
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
"S.P.Zeidler" writes: > Given we'll have enterprise walled gardens with v4 inside for a long time, > that indeed will take decades. If you plan projects that span more than > one decade, making sure it's IPv6 capable will at least save you money > in the long run, because enterprise-only features come at a premium. A couple of years ago I did an IPv6 workshop for a not so small SAP outsourcing company- I told them "what ever you do make sure your that everything you buy is IPv6 capable." About a year later I was told that they can't implement v6 because they just bought a internal cloud thing that did not support IPv6. Jens -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Thus wrote Mikael Abrahamsson (swm...@swm.pp.se): > I don't think IPv6 has failed, I just think it's going to take a long time, > and especially the last 10% is going to take a really really long time. > Decades. At some point in time IPv4 code will rot, and see too little testing to be still useful, and around then v4 will die pretty quickly. Given we'll have enterprise walled gardens with v4 inside for a long time, that indeed will take decades. If you plan projects that span more than one decade, making sure it's IPv6 capable will at least save you money in the long run, because enterprise-only features come at a premium. regards, spz -- s...@serpens.de (S.P.Zeidler)
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Dear Michel, On 04/10/2019 17:16, Michel Py wrote: > 3 months ago, I turned DECNET off on my network. It was actually not even an > IT/network decision; customer decided they were done with a product, and we > de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, > MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some. I don't mean to be criticising in any way, but running services on obsolete operating systems is a risk in itself, if the computer is connected to the Internet. For example, Windows 2000 end of support was as far back as July 13, 2010. https://blogs.technet.microsoft.com/education/2009/11/10/windows-2000-end-of-life/ That means no security updates. With today's Internet being nothing like the Internet back in 2000, is this really reasonable? Unless, of course, the hardware is behind some modern firewalls. Everything has a sell by date. All hardware becomes obsolete too. Kindest regards, Olivier
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, Fine, i get it: It's not only Microsoft and Cisco. But this WG goes way beyond Eric and Veronika... so we might have someone who can actually help already in the WG, or we (collectively) need to find those who can make a difference. But, imho, such list of 'gaps' is very, very useful! Cheers, Carlos On Sun, 6 Oct 2019, Jens Link wrote: Carlos Friaças via ipv6-wg writes: Hi Alexander, All, Github is now owned by Microsoft. Someone from Microsoft reading this? Maybe Veronika from Microsoft and the UK IPv6 Council? Cisco: just saw a post from Eric Vyncke. :-)) twitter, slack, amazon, stackexchange, redhat (registration does not work on v6 only), And from my Linux from Scratch experiment, see my presentation at RIPE76[1], all or at least some hosts from these domains dont support v6; astron.com github.com greenwoodsoftware.com infodrom.org linuxfromscratch.org mpfr.org sourceforge.net sourceware.org tukaani.org zlib.net Jens [1] https://ripe76.ripe.net/wp-content/uploads/presentations/146-we_dont_need_ipv6.pdf -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Carlos Friaças via ipv6-wg writes: > Hi Alexander, All, > > Github is now owned by Microsoft. > Someone from Microsoft reading this? Maybe Veronika from Microsoft and > the UK IPv6 Council? > > Cisco: just saw a post from Eric Vyncke. :-)) twitter, slack, amazon, stackexchange, redhat (registration does not work on v6 only), And from my Linux from Scratch experiment, see my presentation at RIPE76[1], all or at least some hosts from these domains dont support v6; astron.com github.com greenwoodsoftware.com infodrom.org linuxfromscratch.org mpfr.org sourceforge.net sourceware.org tukaani.org zlib.net Jens [1] https://ripe76.ripe.net/wp-content/uploads/presentations/146-we_dont_need_ipv6.pdf -- | Delbrueckstr. 41| 12051 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jensl...@quux.de| --- |
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Sun, Oct 06, 2019 at 12:38:14AM +0200, Kai 'wusel' Siering wrote: > Am 05.10.19 um 22:30 schrieb Michel Py: > > This 240/4 as an extension of RFC1918 thing is the perfect example of it. > > If 240/4 is to be given a different status than "reserved", the > only valid option is "public unicast", spread across the RIRs as > recovered space. As has been stated here may times, IPv4 is here > to stay, so it's vital that relevant amounts of "new" space are put > into the public pool. I'd actually say "private" is a better denomination. To make this useful as "public unicast", you need to upgrade *everything* in the path between a device using 240/4 and "whatever it wants to talk to", because un-upgraded routers or firewalls will just drop your packets otherwise - so, if RIPE were to give out a subnet of 240/4, it would not be very useful for "Internet" usage. OTOH, if you're willing to upgrade your multi-million enterprise network to make sure all devices support 240/4, it's all under your own control and can be done. (Would I do it? No... anything old won't grow support for it, and anything *new* can do IPv6 for new deployments - on islands, with gateways in between, but incidentially that's the only way a 240/4 deployment could succeeed as well. But hey, not my career to bet on 240/4 being useful :-) ) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Sat, Oct 05, 2019 at 09:24:13PM +0200, Anton Rieger wrote: > On Sat, Oct 05, 2019 at 08:10:19PM +0200, Gert Doering wrote: > >Uh, no. The IETF decides what it is, and if they say it's private > >(like they did with RFC1918), then it is. > > > >If they say it's "reserved", it's not up for grabs (neither for the RIRs > >not for any private deployment either). > > > >"Not RIR space" does not make it "private", there are at least 3 different > >states. > > Best examples are 1.1.1.1 and 5.5.5.5 1.1.1.1 is APNIC space, which was very officially given to CF and documented as such. inetnum:1.1.1.0 - 1.1.1.255 netname:APNIC-LABS descr: APNIC and Cloudflare DNS Resolver project descr: Routed globally by AS13335/Cloudflare descr: Research prefix for APNIC Labs 5.5.5.5 is part of Telefonica's allocation inetnum:5.4.0.0 - 5.7.255.255 netname:DE-MEDIAWAYS-20120425 country:DE org:ORG-TDG4-RIPE ... and anyone using it for their private VPN is squatting on address space not belonging to him (and yes, I think this was a fairly bad decision "back when this space was still free" - even then it was not "up for grabs"). Fairly easy this. If it's not yours, or designated as "free for all", you do not use it. Otherwise the ghosts of the Internet will come and haunt you. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, 5 Oct 2019, 'Job Snijders' wrote: I posit: the further an IP packet has to travel, the less likely it is to be an IPv6 packet. Looking at who has deployed IPv6 and how these people communicate, this is most likely true. IPv6 is most common today on eyeball<->CDN traffic. Looking at what kind of companies have deployed IPv6 to eyeballs, this is mostly larger ISPs. So we have a subset of ISPs and a subset of CDNs that both have deployed IPv6, and both these subsets tend to communicate over direct interconnections so these stats are not public. A lot of the organisations that were eager to deploy IPv6 have done so. Large companies with significant engineering resources that had to fight uphill to get evertthing to work. The organisations deploying IPv6 now might be less eager, but they will also have less struggle. A significant amount of development work to support IPv6 has been done already. It's still non-trivial work, but it should be easier than before. I also note clustering. Lots of companies are "followers". They will not be the first one to do something, but instead will copy someone else. In some countries there is lots of IPv6, and in others there isn't. I see the same way with DNSSEC validation and other technologies. The good thing now is that it's not useless to deploy IPv6. As soon as you turn on IPv6 to eyeballs, you get significant IPv6 traffic. I've heard people mention 50-70%, which is what my household also is at (mostly streaming video from CDNs). I don't think IPv6 has failed, I just think it's going to take a long time, and especially the last 10% is going to take a really really long time. Decades. -- Mikael Abrahamssonemail: swm...@swm.pp.se
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
100% of internet will happen 100% of all networks will not On 10/05/2019 11:02 PM, Michel Py wrote: > I did not start this thread, but it is time to acknowledge that talks of 100% > IPv6 are not something that should be on the table at this time.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Sander Steffann wrote : > If you want a war that is your choice, but please go and fight it somewhere > else. RIPE > mailing lists are a place to be constructive and, as Job said, excellent to > each other. Read the rest of my posts. I did not start the war. I did not start this thread. There are two ways to lose a war : lack of funds, and lack of courage. I have both. The war is global. Who do you think you are to tell me to take it somewhere else ? The chair of a mighty WG that has managed, in 20 years, to capture a whole 2.5% of the Internet traffic right in your own backyard at AMS-IX ? Kick me out of the mailing list, if you have the power to do so. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi Michael, > Time to be nice has come, and gone. The IPv6 camp has clearly stated that > their goal is to win the war. Battle time. If you want a war that is your choice, but please go and fight it somewhere else. RIPE mailing lists are a place to be constructive and, as Job said, excellent to each other. Cheers, Sander
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Am 04.10.2019 um 08:56 schrieb Carlos Friaças via ipv6-wg : > > Some years ago i also did a local test by removing the IPv4 address from my > laptop to see if i could bear with a full day of work without it. I couldn't. > After two hours i placed it back, but at the time i already had a list of > "things to fix", with stuff which was only accessible by IPv4. If you have > the time, i recommend you to do it. It's also a way of advancing IPv6 > deployment, if you have the time/patience. Same thing I’ve also tried several weeks ago The problem comes when trying to fix issues outside your reach. For example: try to access Github. Even Cisco Website. Try to login. The intermediate step of the Pingfed solution doing the SSO login is IPv4-only. This is very frustrating. The biggest network vendor isn’t fully reachable via IPv6-only. - Alex This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith. Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
>> Michel Py wrote : >> This 240/4 as an extension of RFC1918 thing is the perfect example of it. > Kai 'wusel' Siering wrote : > If 240/4 is to be given a different status than "reserved", the only valid > option is "public unicast", I agree with unicast, but not public. > spread across the RIRs as recovered space. I have to disagree with that. I would agree if it was an achievable goal, but it is not. The multiple attempts over the years to make this space available have all failed, and there is a reason for it : it would create a second-class address space, that the devices with unpatched kernels would not be able to access. In other words : it would require an update to every device that connects to the Internet, which is too much hassle. > As has been stated here may times, IPv4 is here to stay, so it's vital > that relevant amounts of "new" space are put into the public pool. Maybe so, but that battle can not be won. Besides, a /4 would buy how much time ? a year or two ? it's futile. Focus on things that have a chance. > Enno Rey wrote : > or about the rumours that the DoD has been encouraged to make some of its > address space available to ARIN ;-) The smiley was right on ! DoD has a trillion dollar budget, even at $1000 / IP it would not make a difference. They don't know anything that is less than a billion ;-) I had that question once, actually. - 10/8 is too small, which of the un-announced DoD blocks is the best to squat ? - You must be kidding, you want to squat IP space from people who have nukes and have used them on civilians before ? - Oh, they can't nuke us. They have a big base 1/4 mile away. - Oh great, now you are telling me that they have a freaking brigade next to your backyard and you are going to hijack one of their class A? - Squat, not hijack. Yeah, they'll never know about it. 30/8. There are so many orgs using it that the DoD will never release it. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Sun, Oct 06, 2019 at 12:38:14AM +0200, Kai 'wusel' Siering wrote: > > > Net result : organizations that need more than 10/8 are now (and they are > > plenty of examples) squatting un-announced DoD space such as 30/8. > > Maybe someone should tell them about IPv6 then. or about the rumours that the DoD has been encouraged to make some of its address space available to ARIN ;-) cheers Enno -- Enno Rey @Enno_Insinuator
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Am 05.10.19 um 22:30 schrieb Michel Py: > This 240/4 as an extension of RFC1918 thing is the perfect example of it. If 240/4 is to be given a different status than "reserved", the only valid option is "public unicast", spread across the RIRs as recovered space. As has been stated here may times, IPv4 is here to stay, so it's vital that relevant amounts of "new" space are put into the public pool. > Net result : organizations that need more than 10/8 are now (and they are > plenty of examples) squatting un-announced DoD space such as 30/8. Maybe someone should tell them about IPv6 then. -kai
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Sat, 5 Oct 2019, Michel Py wrote: Carlos Friaças wrote : Admitting that "zealotism" is not a got thing might be a good 1st step. I did not create the IPv4 zealots, I joined their ranks by economic necessity. I do not like it, but I need the IPv4 ecosystem for 20 more years and I am not going to let the IPv6 zealots destroy my business. Can you let everyone know which ASN or ASNs do you run...? :-) 3 months ago, I turned DECNET off on my network. It was actually not even an IT/network decision; customer decided they were done with a product, and we de-commissioned the tools with DECNET. Business decision. We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I probably forget some. So, hardly any IPv6 there :-) 100% IPv4 :-) OK, so you meant *old* Solaris :-))) If a new project pops up that will need 10x the public address space you have... good luck. I already have several times more public space than I need. And, $20/IP is nothing in the cost of a new project. Sure. And you are sitting in the 2nd largest economy in the world? (or the 1st? i lost track...). And what about everyone else, sitting in different continents, in developing regions, where $20/IP is really a show-stopper...? The Internet is supposed to be global, right? Carlos Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, Oct 05, 2019 at 09:02:27PM +, Michel Py wrote: > Do you measure what is happening on private interconnects ? MMR > traffic ? Yes, looking at stats at NTT (a network which basically is only private interconnects), I see a similar pattern as we observe at AMS-IX. I'll see what detalis I can share. It would be nice if more players would share a normalised overview of IPv4 vs IPv6 percentages, just like AMS-IX does. > I would guess that a good part of the IPv6 traffic is between large > players, and that somehow they may have changed their peering scheme ? I find it hard to believe that two networks would end up exchanging IPv6 traffic over private connections, and at the same time keep IPv4 traffic on public IXPs or transit. That doesn't seem to align with the usual economic or security drivers behind peering. Ofcourse we can't exclude the possiblity this happens, but I am not aware of anyone who explicitly configured things to be that way. I'm beginning to suspect that the "there is lots of IPv6 traffic!" some folks report on is mostly between handsets (strictly controlled by the mobile provider) and a select few Big Content on-net cache devices. Even if we consider such an intranet IPv6 deployment part of the big-I Internet, it doesn't strike me as healthy. I posit: the further an IP packet has to travel, the less likely it is to be an IPv6 packet. Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Carlos Friaças wrote : > Admitting that "zealotism" is not a got thing might be a good 1st step. I did not create the IPv4 zealots, I joined their ranks by economic necessity. I do not like it, but I need the IPv4 ecosystem for 20 more years and I am not going to let the IPv6 zealots destroy my business. >> 3 months ago, I turned DECNET off on my network. It was actually not even an >> IT/network decision; customer >> decided they were done with a product, and we de-commissioned the tools >> with DECNET. Business decision. >> We run OS/2 Warp, MS-DOS, Windows 95, HPUX, Solaris, Windows 2000, and I >> probably forget some. > So, hardly any IPv6 there :-) 100% IPv4 :-) > If a new project pops up that will need 10x the public address space you > have... good luck. I already have several times more public space than I need. And, $20/IP is nothing in the cost of a new project. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Job Snijders wrote : > I've observed IPv6 hitting a plateau (even a slight decrease!) in usage > of IPv6 across multiple large networks measured over significant time. I was expecting more than not even 3% IPv6 at AMSIX. I don't call it "significant time" yet. IMHO, it will take a few more years before we get a clear picture. IPv6 will plateau, I just don't think we know where and when yet. Or do we ? > However, if IPv4 and IPv6 grow at the same rate, my interpretation would be > that IPv4 use is not declining, > thus IPv6 isn't growing, and we should indeed be discussing the current > failing of IPv6. I did not start this thread, but it is time to acknowledge that talks of 100% IPv6 are not something that should be on the table at this time. > ps. Before we venture into a tit-for-tat where we trade pictures of decline > (e.g. IXP stats) against pictures > of growth (google stats), I'd like to learn more why we see what we see in > the current decline graphs. Do you measure what is happening on private interconnects ? MMR traffic ? I would guess that a good part of the IPv6 traffic is between large players, and that somehow they may have changed their peering scheme ? Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Marc, long time no see indeed ;-) > Marc Blanchet wrote : > To me IPv6 is the only viable solution. To me IPv4 is the only viable solution until a replacement for IPv6 is found. You know what I do for a living. Where are the US$ 2B I need to dual-stack ? I just can't afford it. > but the larger address space remains a clear win over IPv4. Not to everyone. > To me, this whole discussion is moot. IPv6 has not yet took over IPv4 yet. I saw that one coming a long time ago. Was a bit of a shock. > But that does not mean we shall not continue working on improving IPv6 and > deploying it and use it. You do what you have to do to insure your survival, and so do I. At this point in time, the IPv6 zealots, by doing everything they can to kill IPv4, are a nuisance that has to be eliminated. This 240/4 as an extension of RFC1918 thing is the perfect example of it. What does it cost IPv6 ? nothing. Why do the zealots torpedo it ? because anything that hurts IPv4 is good for them, or so they think. Net result : organizations that need more than 10/8 are now (and they are plenty of examples) squatting un-announced DoD space such as 30/8. > I don’t think IPv4 will be dead in my lifetime. Then keep your dogs on leash. We can bark and bite, too. I am defending my ecosystem, and I am tired of the rethoric that IPv6 will take the world over. It will not. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, Oct 05, 2019 at 03:56:18PM -0400, Marc Blanchet wrote: > Up to now, I have only see an increase of the number of nodes/trafic > over IPv6, by any metric or monitoring system I’ve seen. The increase > rate is not as most of us would like to be, but still positive. To me, > if we see a decrease of usage of IPv6 over some significant period of > time, then we shall discuss about the failing of IPv6. But we are not > yet there. I've observed IPv6 hitting a plateau (even a slight decrease!) in usage of IPv6 across multiple large networks measured over significant time. A publicly accessible graphs produced from the AMS-IX platform is available here: https://stats.ams-ix.net/sflow/ether_type.html IPv4 vs IPv6 is neatly normalized by presenting the traffic as a percentage rather than some absolute measure. I'm attempting to collect information from other platforms as well because I think this type of graph helps compare apples to apples. Growth of IPv6 traffic in absolute units is expected, if we consider IPv6 traffic usage a function of overall Internet traffic usage. Internet traffic appears to grow steadily. However, if IPv4 and IPv6 grow at the same rate, my interpretation would be that IPv4 use is not declining, thus IPv6 isn't growing, and we should indeed be discussing the current failing of IPv6. Some may argue that IPv6 traffic doesn't replace IPv4 traffic, that IPv6 traffic is new apps or new demand, but in a Happy Eyeballs / dualstack / nat64 world I'd consider that somewhat unlikely. Happy to hear other people's thoughts! Kind regards, Job ps. Before we venture into a tit-for-tat where we trade pictures of decline (e.g. IXP stats) against pictures of growth (google stats), I'd like to learn more why we see what we see in the current decline graphs.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
... I guess this "war" is why some people want to make ipv6 as much like ipv4 as possible? Only . vs : and hex vs pure number as the only difference? --- Roger Jørgensen rog...@gmail.com On Sat, Oct 5, 2019, 21:44 Michel Py wrote: > Hi Job, > > > Job Snijders wrote : > > If the IPv4 vs IPv6 tussle is interpreted as a culture war, > > It is war, but I don't think it is a matter of culture. After all, 20 > years ago we almost all were in the same boat, more or less. Most of us > believed that IPv6 could replace IPv4 in a reasonable number of years, and > all of us were wrong, because it did not. > > It have become a war because of money, and the outcome will be decided by > money, not by ideals. There are people who have admitted that, and people > who have not and keep waging the war as they could still win it. > > Time to be nice has come, and gone. The IPv6 camp has clearly stated that > their goal is to win the war. Battle time. > > Michel. > >
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On 5 Oct 2019, at 15:44, Michel Py wrote: Hi Job, Job Snijders wrote : If the IPv4 vs IPv6 tussle is interpreted as a culture war, It is war, but I don't think it is a matter of culture. After all, 20 years ago we almost all were in the same boat, more or less. Most of us believed that IPv6 could replace IPv4 in a reasonable number of years, and all of us were wrong, because it did not. you are right Michel, it hasn’t yet. I did not have any number of years in my mind, but I was sure that it would quite long. The footprint of IPv4 Internet (including OS, devices, software, networks, …) is so so large, that it sure will take a loong time. Cobol is still in use… I don’t think IPv4 will be dead in my lifetime. But that does not mean we should not be working on its replacement to sustain the growth. To me IPv6 is the only viable solution. It has gone through pretty hard infancy, but is improving. Many of its great new ideas has been almost abandonned, but the larger address space remains a clear win over IPv4. To me, this whole discussion is moot. IPv6 has not yet took over IPv4 yet. But that does not mean we shall not continue working on improving IPv6 and deploying it and use it. Up to now, I have only see an increase of the number of nodes/trafic over IPv6, by any metric or monitoring system I’ve seen. The increase rate is not as most of us would like to be, but still positive. To me, if we see a decrease of usage of IPv6 over some significant period of time, then we shall discuss about the failing of IPv6. But we are not yet there. Regards, Marc. It have become a war because of money, and the outcome will be decided by money, not by ideals. There are people who have admitted that, and people who have not and keep waging the war as they could still win it. Time to be nice has come, and gone. The IPv6 camp has clearly stated that their goal is to win the war. Battle time. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, Oct 05, 2019 at 08:10:19PM +0200, Gert Doering wrote: Uh, no. The IETF decides what it is, and if they say it's private (like they did with RFC1918), then it is. If they say it's "reserved", it's not up for grabs (neither for the RIRs not for any private deployment either). "Not RIR space" does not make it "private", there are at least 3 different states. Best examples are 1.1.1.1 and 5.5.5.5 Anton
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, Oct 05, 2019 at 06:31:25PM +, Michel Py wrote: > > Sander Steffann wrote : > > I must say I have had enough of your snarky remarks. They are very > > unproductive and do not contribute to this working group in any way. > > Please refrain from posting unless you have something to contribute > > please. > > Then unsubscribe me. What is very unproductive is the last twenty > years you have failed to make IPv6 the prevalent protocol. That's half > one's career, and you will spend the other half failing again. Great > job. An entire career failing. Employers like people who achieve > goals. Good luck. Michel, many of us are frustrated with the current state of affairs (for different reasons, however that isn't relevant). This frustration, those rage knots in your stomache, don't mean we should permit ourselves to submit unfiltered bitterness into each other's mailboxes. If the IPv4 vs IPv6 tussle is interpreted as a culture war, I think by now all sides are thoroughly confused and have no idea what is going on. Is this still part of a long game? Are we at a tipping point, just one final barrier, or wasting our breath? It is really hard to tell at times. I say "all sides" because there are more than 2 factions. There are people who like neither IPv4 or IPv6, or just one of the two. In this landscape there are quite some folks have staked their careers on either one of the address families, and even such circumstances we should be careful to avoid rhetoric devices like ad-hominem. Once deployed you immediately lost whatever debate was going on. In such instances it may be time to take a break. There are folks who have genuine belief systems in which they consider spending half of their career an absolute necessity towards some their personal higher goal. A friend recently told me "there's a thin line between passion and madness". In such a situation, the best I hope for, is that all sides at least acknowledge the possiblity that they themselves were the ones spending energy in a counter-productive direction. Before hitting "send" it is always good to consider what other interpretations of the email-being-replied-to are possible, consider what the author may have meant to say, and how your reply will affect them and the other readers. So, either strive to be excellent to each other, or refrain from posting. Kind regards, Job
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On 10/5/19 12:06 PM, Dave Taht wrote: Lee Howard writes: IPv6 deployment in your network means cutting your NAT expense in half. More, as more sites deploy. There's no fungable or measureable "NAT expense". NAT generally saves money. Look at the container market for one recent example. If you have a dedicated box or service card for NAT, you have a specific NAT expense. If you can buy a smaller box for half the cost, you've saved a specific amount of money. I know of mobile carriers who NATted every Internet connection in IPv4, and have halved their capital expense on NAT. IPv6 deployment in your network might mean you can sell some of your IPv4 addresses, a clever way I've seen to fund the transition. That I agree with. But I see no sign anyone is actually doing that. It's saner to horde at the moment. I've had inquiries along these lines, and written proposals. IPv6 deployment on your web site means improving your page load time, and therefore SEO, and therefore revenue. At NANOG I showed quotes that IPv6 increases revenue by 0.2%-7%.[1] BS. Happy eyeballs costs time. Here's my assessment: https://www.retevia.net/why-is-ipv6-faster/ The cost to deploy IPv6 is not high: it's mostly labor, and people who BS. It needs to be implemented first in a deployable state. "Deployable"? It's been deployed by the millions. Everyone who's done it says it was mostly labor. complain that there's no training are ignoring the hundreds of tutorials, books, articles, videos, and web sites available to them for free, not to mention the thousands of friendly engineers. To everyone who sees a high cost, I ask whether you know the value of NAT reduction and web site speed (and avoiding buying addresses, or I note that port exaustion is a real thing on ipv4 networks today that more should measure. In one recent set of "coffee shop tests", I had an over 30% initial syn failure rate. I don't know why (we were also testing ecn) at the moment, but that was a shocking number. ipv4 dns with udp was already using up a lot of udp port space. with quic eating up a lot of udp more, I'm not happy. JUST deploying dns over IPv6 as I did Interesting! selling addresses), in $LOCAL_CURRENCY, so you can evaluate every obstacle you might encounter. For instance, "Our web conferencing doesn't support IPv6, and it'll cost us $9,000 a year to change. But IPv6 will save us $30,000." The decision is easy. That last number is pure BS. It's not a single cost. It's that last dangling set of apps that can't be converted to ipv6 that's the infinite cost. I'm not sure what you're calling "BS." Obviously $30,000 was a made-up number for the example. I don't know what "dangling set of apps" you mean that can't be converted, especially in the context of "How much would it cost to add IPv6 support?" In another message on this thread I noted that small ISPs are squeezed between CPE and IPv4 purchases. They can't get CPE that supports IPv6, or that supports MAP or 464xlat, because they don't buy enough, so they have to pay to buy addresses. They can't get cheap CPE that has those features. ALL that code runs great in openwrt. And ipv4 addresses are needed until ipv6 hits 100% deployment. Fewer IPv4 addresses are needed in the context of MAP or 464xlat. That's easily solved by collective action: 100 small ISPs can get the features they want (at a better discount) than one acting alone. Great. Is there an ISP association trying to do that already? Not that I know of. If there's interest, I'll support, maybe organize. Lee
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Sander Steffann wrote : > I must say I have had enough of your snarky remarks. They are very > unproductive and do not contribute to this working group in any way. Please > refrain from posting unless you have something to contribute please. Then unsubscribe me. What is very unproductive is the last twenty years you have failed to make IPv6 the prevalent protocol. That's half one's career, and you will spend the other half failing again. Great job. An entire career failing. Employers like people who achieve goals. Good luck. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On 10/5/19 11:53 AM, Dave Taht wrote: Lee Howard writes: On 10/4/19 4:55 PM, Dave Taht wrote: not being able to get a static IPv6 address out of comcast, my hurricane tunnel getting blocked by netflix, the still-huge prefix sub-distribution problem. The idea of dynamic 2 week prefixes in part of the world prone to earthquakes doesn't work for me... I can think of several programmatic ways to deal with that. ... for real use a static ipv6/48 to distribute is needed. Dynamic ipv6 assignments are fine if you are doing trivial stuff but if ipv6 is ever to even start to supplant ipv4 it's got to become more static. Or more resilient to renumbering. I didn't mean to suggest that you as a user should have to code your home network. I meant that we (maybe IETF) have not done well at handling the case of "I received a new prefix, and I am the edge router; I need to tell everything else what changed." Thus kicking off RAs, DHCPv6 updates, dDNS updates, and a firewall that understands dynamic prefixing. I was thinking about some Hackathon projects to add IPv6 capability to open source projects. Seems to me the hardest part is making sure there's an adequate test environment. Hackathons ARE useful tools for getting a short burst of focused work out of people sharing the same space and time, but too many are thinking hackathons alone will solve more detailed design, coding and iteration problems; it's one of those ideas trivializing the costs of "Real Programming(tm)" that really bugs me nowadays. I could share here the detailed project management stuff that went into cerowrt's run (3 years), or the outline of work we did for make-wifi-fast - which we've now been at for over 5 years now - 3+ to get fq_codel to work right on wifi, 2 to rework the API to work for more devices, and a pointer to the latest work which has been going for 3+ months now - and for all that we've only accomplished about 1/10th what we wanted to do, and only on 4 chipsets (most recently intel's ax200 chips) out of the hundreds. This might make for an interesting WG discussion, getting actual work organized and done. But Mr.Rey's reference about IPv6 deployment rates also makes a good point! Nobody cares about deployment rates. What good does it do, if people don't use it ? This is more realistic : https://www.google.com/intl/en/ipv6/statistics.html During the week, we are below 25%. (Replying to an item upthread) APNIC's statistics show that in almost every network that has IPv6, it is almost always used. I pointed to coffee shops as one counter example. If they don't have IPv6, they're not using it. To the lack of DHCPv6-PD on android (and I think, IOS) for tethering as another. Based on discussions at IETF, I guess Android is expecting to get multiple IPv6 addresses and reassign as needed. Don't know about IOS. Another thought I've had: One of the reasons small ISPs can't deploy IPv6 is that they don't control the features in the CPE, because they don't buy enough. I know a couple CPE vendors who would be happy to provide a specific feature set for a guaranteed purchase of a couple thousand units a month. This sounds like a good business to me: if a bunch of small ISPs each contract for a specific number of units, but require RIPE-554, RFC7084, and RFC8085, we could both get the needed features, and get a larger volume discount than they get now. Yes, the smaller ISPs should join together in a buying club like that. Tried to get that going in NZ once. Failed. tried harder to make the aftermarket do the right thing - the eeros and google wifi's of the world are doing ok, the bottom part of the market just copy/pastes whatever's in openwrt at that moment, slaps a label on it and ships it. So we focused on making the openwrt base as good as possible. Might be another part of "What the WG should do" discussion. Saving $1 per CPE is better than spending $20 for an IPv4 address for every new user. Please confirm my math. :) I always thought that ISPs would invest in their CPE far more than they have. Free.fr being a shining example! ISPs get paid for modem rentals and have customer support costs that could be reduced - that should have been a great ongoing funding source and motivation, alone. but I know a few vendors, like evenroute, doing bufferbloat AND ipv6 right, that have totally failed to crack ISP market thus far. and for no reason I can think of, the rental folk don't push out new hardware OR new software to their users - I think charter made an effort to get docsis 3.1 stuff out there and retire all the docsis 2.0 gear in place, but not comcast. Secondly none of those ipv6 standards help when you still really need a real IPv4 address, so yer still out the $20, IF you can buy the /24s you need. And there's more ipv6 RFCs left without running, integrated code, to support them. In my experience, accountants run the CPE purchasing, and saving 5¢ per unit is worth more to them than
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, > Op 5 okt. 2019, om 19:27 heeft Michel Py > het volgende geschreven: > >> r...@jack.fr.eu.org wrote : >> What is not FUD is that 240/4 is not currently routable through my home >> router > > Oh wow, you need 240/4 on your home router ? must be a pretty big home, if > you don't have enough with 10/8 I must say I have had enough of your snarky remarks. They are very unproductive and do not contribute to this working group in any way. Please refrain from posting unless you have something to contribute please. Cheers, Sander signature.asc Description: Message signed with OpenPGP
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Hi, On Sat, Oct 05, 2019 at 05:06:57PM +, Michel Py wrote: > > Gert Doering wrote : > > It's not "private address space" unless designated as such. > > Wrong again. It's not public unless given to RIRs to allocate it. > FUD++ Uh, no. The IETF decides what it is, and if they say it's private (like they did with RFC1918), then it is. If they say it's "reserved", it's not up for grabs (neither for the RIRs not for any private deployment either). "Not RIR space" does not make it "private", there are at least 3 different states. Before calling FUD on others, please get your facts straight. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 signature.asc Description: PGP signature
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
Well, if someone has to use to to provide some kind of service, someone shall have the possibility to use this service If you are doing a network for yourself, you can use whatever range from 0/0 On 10/05/2019 07:27 PM, Michel Py wrote: >> r...@jack.fr.eu.org wrote : >> What is not FUD is that 240/4 is not currently routable through my home >> router > > Oh wow, you need 240/4 on your home router ? must be a pretty big home, if > you don't have enough with 10/8 > > Michel. >
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> r...@jack.fr.eu.org wrote : > What is not FUD is that 240/4 is not currently routable through my home router Oh wow, you need 240/4 on your home router ? must be a pretty big home, if you don't have enough with 10/8 Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
> Dave That wrote : > That last number is pure BS. It's not a single cost. It's that last dangling > set of apps that can't be converted to ipv6 that's the infinite cost. It's not only the apps, it's the tools and the entire business process that is behind. I am not going to replace a ten million dollar tool to make it IPv6 compatible. Michel.
Re: [ipv6-wg] Have we failed as IPv6 Working Group?
On Sat, 5 Oct 2019 at 19:07, Michel Py wrote: > >>> Nick Hilliard wrote : > >>> The cost of making 240/4 usable is to update every device on the > >>> planet, including legacy ipv4 stacks. > > >> Michel Py wrote : > >> No it is not. It costs nothing to the Internet, it only costs to > >> those who chose to use it as private address space. More FUD. > > > Gert Doering wrote : > > It's not "private address space" unless designated as such. > > Wrong again. It's not public unless given to RIRs to allocate it. > FUD++ I think what Gert means is that this space has not been designated by IETF/IANA for *any* purpose yet. One way of looking at it is to acknowledge it is neither private nor public space at this moment in time. See the various columns here https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml Regards, Job
